Holistic is a popular word these days. Often applied to food and medicine, the word conjures images of natural, healthy living, but the word holistic refers to the function of an entity as a whole, including the interdependence of all its parts. Given this broader meaning, holistic can (and should) be applied when thinking strategically about the way a business organization operates. Successful, well-functioning organizations must adapt to change, be flexible in their relationships, and be innovative in their approach to business. They must not only have the capacity to react to change, but to anticipate change and act innovatively.
Integrated, Holistic Security Strategies
July 12, 2010, 8:30 am
The tendency for businesses to regard different functions based on a department’s purpose or a division’s mission can result in segmentation, causing strategies to be developed independent of each other. However, when you think about the many ways sensitive, proprietary, and private information is distributed throughout an enterprise – and between partners – the term holistic begins to make more sense in an information security context.
The Ponemon Institute has been working closely with Unisys Corporation to better understand the ways organizations use and manage data, and to think about new ways to approach applying integrated, holistic information security for today’s data-intensive business challenges. As a foundational step, we designed a new study that would allow us to benchmark current security strategies in use by 59 companies that are recognized information security leaders in their industries. By focusing on strategy rather than tactics, we believe we’ve identified a number of characteristics that can be used by any organization to evaluate and create a new approach to information security.
I’ll outline some of what we learned here, but understand that the results of this study cannot be adequately conveyed in a brief blog posting.
· Ninety percent of study participants agreed or strongly agreed that aligning security with explicitly defined business objectives is the single most important purpose of a security strategy;
· The most important priorities for a successful security strategy are to focus on people (42%), technology (39%), processes (14%), and policies (5%);
· In order to adapt to both changing business needs and a changing threat environment, 71 percent of study participants agreed or strongly agreed that security objectives must be flexible, and that rigid objectives may stymie operations; and,
· Seventy-five percent of participants agreed or strongly agreed that collaboration between departments and business units is essential to achieving security objectives.
Overall we measured 16 characteristics of a successful security strategy and, through our research, feel we’ve been able to reach a number of important conclusions about what the results of our study mean as you work to design and implement the best possible strategy for your organization.
Of course we are excited about what we’ve learned and would love to share that knowledge with you in greater detail. If you’d like to have a copy of the benchmark report, Security Integrated & Holistic: Benchmark Study of IT Security Leaders, let us know. If you would like to have a discussion about what these findings mean for your organization, please give us a call.
And if you have any thoughts you’d like to share, please add your comments to this blog. We’d love to hear from you.

